GazeTouchPIN: Protecting Sensitive Data on Mobile Devices Using Secure Multimodal Authentication

Although mobile devices provide access to a plethora of sensitive data, most users still only protect them with PINs or patterns, which are vulnerable to side-channel attacks (e.g., shoulder surfing). How-ever, prior research has shown that privacy-aware users are willing to take further steps to protect their private data. We propose GazeTouchPIN, a novel secure authentication scheme for mobile devices that combines gaze and touch input. Our multimodal approach complicates shoulder-surfing attacks by requiring attackers to ob-serve the screen as well as the user’s eyes to and the password. We evaluate the security and usability of GazeTouchPIN in two user studies (N=30). We found that while GazeTouchPIN requires longer entry times, privacy aware users would use it on-demand when feeling observed or when accessing sensitive data. The results show that successful shoulder surfing attack rate drops from 68% to 10.4%when using GazeTouchPIN

Culture and disaster risk management - citizens’ reactions and opinions during Citizen Summit in Frankfurt, Germany

The analyses and results in this document are based on the data collected during the fourth Citizen Summit held in Frankfurt/Germany on June 14th 2017. As the previous three Citizen Summits held in Romania, Malta and Italy, this Citizen Summit was designed as a one-day event combining public information with feedback gathering through different methods of data collection. In the morning session, 42 questions with pre-defined answer options were posed to the audience and collected via an audience response system. In the afternoon session, small moderated group discussions of approximately 1.5 hours duration were held, which followed a detailed set of questions and discussion guidelines, including a short association exercise. All questions and discussions aimed to explore cultural factors in citizens’ attitudes, feelings, and perceptions towards disaster risks, as well as their identification in relation to disaster preparation, response and recovery. In coordination with the Work Package 11 briefs, the definition and design of the questions was based on: 1) Results from Citizen Summits 1 and 2, complementing in particular the data related to risk perception with the aim to build up a comprehensive base for cultural comparison across all six summits; 2) Results from Stakeholder Assemblies 1 and 2, in particular regarding the identification of non-professional (“cultural”) leaders in disaster situations, motivators for improving disaster preparedness, and the role of trust/distrust; 3) Results from Work Package 3, aiming to complement and increase knowledge about citizens’ uptake of mobile phone apps and interest in usage of different features, also in contrast to social media use; 4) Results from Work Package 4, in particular regarding recent research findings in the relationships between perceived disaster preparedness and actual disaster preparedness, and in the ambivalent relationships between trust in authorities and citizens’ personal preparedness; 5) Results from Work Package 7, aiming to complement the research regarding citizen empowerment by exploring trust as a bi-directional relationship between citizens and disaster managers; and 6) Results from Work Package 8, taking into account the role of media in all phases of disaster management. For a detailed overview of all questions asked and topics discussed please see Appendix A. Overall, 105 citizens participated in this Germany event. The total sample shows a relatively even gender and age distribution, which is unsurprising given the target quotas that were requested from the recruiting local market research agency. The comparatively low number of senior citizens aged 65 and above was expected and reflects mobility issues. Participants were asked about three key aspects of experience of disasters and disaster risk perception that could potentially have an impact on how other questions were answered. Two out of three respondents indicated that they themselves, or a close friend or family member, have experienced a disaster, more than half (54%) felt that they were living in an area that is specifically prone to disasters, and 62% answered that they know other people in the area where they live who they think are particularly vulnerable or exposed to disasters. Slight gender differences (as well as age-related differences) were found to be not statistically significant (p>=.05). This report is structured in five main sections: After this introduction, the second section will provide an overview of the different methods applied. The third section, based on the quantitative data collected via the audience response system, presents the results from questions on general disaster risk perceptions, disaster preparedness, behaviours in disaster situations with a particular focus on the use of mobile phone apps and social media, and trust between citizens and different authorities including trust in different social media sources. In the fourth section, based on the qualitative data collected in the ten discussion groups, the analyses will take up the topics introduced in the previous section, focusing first on the role of citizens’ trust in different entities, in particular towards different authorities, “non-professional” leaders, and the media. Furthermore, this section will report on the participating citizens’ attitudes towards improving their disaster preparedness through different measures. In all topics, the analyses seek to identify different cultural aspects which may play a role in an improved disaster preparedness and response. The final section compares and contrasts the results from Sections 3 and 4, draws some tentative conclusions, and identifies topics and issues that should feed into the last round of events in 2018, i.e. the 3rd Stakeholder Assembly, as well as the 5th and 6th Citizen Summits.The project was co-funded by the European Commission within the Horizon2020 Programme (2014-2020).peer-reviewe

Encouraging Privacy-Aware Smartphone App Installation: Finding out what the Technically-Adept Do

Smartphone apps can harvest very personal details from the phone with ease. This is a particular privacy concern. Unthinking installation of untrustworthy apps constitutes risky behaviour. This could be due to poor awareness or a lack of knowhow: knowledge of how to go about protecting privacy. It seems that Smartphone owners proceed with installation, ignoring any misgivings they might have, and thereby irretrievably sacrifice their privacy

Technology use in everyday life: Implications for designing for older users

This study examines the experience and attitudes of older adults towards technology and how they compare with younger age groups. Two hundred and thirty seven participants completed an extensive questionnaire exploring their daily lifestyle, use of technology, attitudes towards technology, and perceived difficulty of household devices. The main findings from the study were; (1) there was a strong motivation to learn or to continue learning to use computers by the older group; (2) social connectedness influenced how the older group used or would like to use technology and also why some preferred not to use it; and finally (3) there was an age-related increase in perceived difficulty for many household devices, however some devices maintained intergenerational usability. These finding can be used to inform the design of future intergenerational household technologies

GazeTouchPass: Multimodal Authentication Using Gaze and Touch on Mobile Devices

We propose a multimodal scheme, GazeTouchPass, that combines gaze and touch for shoulder-surfing resistant user authentication on mobile devices. GazeTouchPass allows passwords with multiple switches between input modalities during authentication. This requires attackers to simultaneously observe the device screen and the user's eyes to find the password. We evaluate the security and usability of GazeTouchPass in two user studies. Our findings show that GazeTouchPass is usable and significantly more secure than single-modal authentication against basic and even advanced shoulder-surfing attacks